Knowledge Search


×
 

[WLC] Example - Configuring SSID with Pre-Shared Key and Web Portal Authentication

  [KB32816] Show Article Properties


Summary:

This article provides the steps to configure SSID with Pre-Shared Key and Web Portal Authentication on the WLC.

Solution:

The following steps are used on CLI mode and SmartPass.

  1. Create a service-profile and SSID.

    # set service-profile PSK-PORTAL ssid-name PSK-PORTAL
    # set service-profile PSK-PORTAL ssid-type crypto
    # set service-profile PSK-PORTAL auth-fallthru web-portal
    # set service-profile PSK-PORTAL web-portal-form web/wba_form.html
    # set service-profile PSK-PORTAL web-portal-acl PSK-PORTAL
    # set service-profile PSK-PORTAL wpa-ie auth-dot1x disable
    # set service-profile PSK-PORTAL rsn-ie auth-dot1x disable
    # set service-profile PSK-PORTAL rsn-ie cipher-ccmp enable
    # set service-profile PSK-PORTAL rsn-ie auth-psk enable
    # set service-profile PSK-PORTAL psk-encrypted 135643430e08027b2e712e67317016551555580e0c0d0b575a5b1b41000d040b5705035d5e55545c025415515002585e5823184b504c5241475c0d527f7a752b37
    # set service-profile PSK-PORTAL attr vlan-name default
    # set service-profile PSK-PORTAL rsn-ie enable
    # set radio-profile default service-profile PSK-PORTAL
    
    
  2. Create an ACL.

    #set security acl name PSK-PORTAL permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
    #set security acl name PSK-PORTAL permit ip 0.0.0.0 255.255.255.255 10.9.221.232 0.0.0.0
    #set security acl name PSK-PORTAL deny 0.0.0.0 255.255.255.255 capture
    #commit security acl PSK-PORTAL
    
    
  3. Map the ACL and set authentication rule.

    # set radius server PSK-PORTAL address 10.9.221.231 auth-port 1811 encrypted-key 1312121e0803092f0b757a6061
    # set radius dac PSK-PORTAL address 10.9.221.232 replay-protect disable encrypted-key 0013160a075406032f701e1d5d
    # set authentication web ssid PSK-PORTAL ** local
    # set authorization dynamic ssid PSK-PORTAL PSK-PORTAL
    
    
  4. Check the connectivity between the WLC and the SmartPass.

    # radping server PSK-PORTAL request authentication user PSK-PORTAL password <password>
    
    
  5. Using the WEBGUI Interface of the SmartPass Server create a user. Go to Users > Create User > add USER, USER TYPE, PASSWORD, CONFIRM PASSWORD > Save



    Go to User > User Management to confirm the user properly saved.
  6. Go to Setup > RADIUS Client Settings > Click ADD > IP Address, Shared Secret Key, Vendor: Trapeze > Save.



    To confirm the changes, go to Setup > RADIUS Client Settings. The RADIUS client should be present.
  7. Go to Setup > Web Portal Management > Click ADD Web Portal Configuration > Create SSID (Example name PSK-PORTAL) > Next > Next > Finish.



    NOTE: If you are using Authentication Type > Local then select it and proceed without making any further changes > Finish.



     
    To confirm, go to Setup > Web Portal Management > the SSID.

  8. Go to Setup > RADIUS Servers Management > Click ADD to create the RADIUS server and RADIUS server group.

    NOTE: First, add RADIUS Server > IP Address > Shared Secret key > check for AUTHENTICATION PORT. If required, also check for AUTHORIZATION PORT > add RADIUS Server Group > Finish.



     
    To verify the changes, go to Setup > Radius Servers Management.


Check User Connectivity:

Use the following command at the end to check the user connectivity.

#show sessions

 

Related Links: